Guideline IDESXi.create-local-admin

Vulnerability Discussion : By default each ESXi host has a single “root” admin account that is used for local administration and to connect the host to vCenter Server.  To avoid sharing a common root account it is recommended on each host to create at least one named user account and assign it full admin privileges and to use  this account in lieu of a shared “root” account.  Set a highly complex password for the “root” account and secure it in a safe location.  Limit the use of “root” but do not remove the “root” account.

Risk Profile : 1, 2, 3

Description : Create a non-root user account for local admin access

  1. Log in to ESXi using the Host Client and Click on Manage > Security & Users > Users > Add Users
  2. Enter a user name, and a password and description (Not Mendatory)

  3. Once you are done you can see your user in your users list.
  4. Now again go to the hosts and click on  Actions > Permissions
  5. Now you can select your previously created your user here and can define a role of it.56
  6. As soon you are done your user is able to access the Esx via there user id instad of Root account.

Leave a reply